Lucene search

5001 matches found

Tenable Nessus
added 2020/08/25 12:0 a.m., 38 views

Atlassian Jira 7.6.x < 8.5.4, 8.6.x < 8.7.1 Stored XSS (JRASERVER-70814)

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is version 7.6.x prior to 8.5.4 or 8.6.x prior to 8.7.1. It is, therefore, affected by a stored cross-site scripting (XSS) vulnerability in the REST API component. An authenticated, remote...

CVSS 5.4, AI score 5.7, EPSS 0.00231
Exploits: 0, References: 5

ThreatPost
added 2020/08/14 8:18 p.m., 136 views

Mac Users Targeted by Spyware Spreading via Xcode Projects

A campaign aimed at Mac users is spreading the XCSSET suite of malware, which has the capability to hijack the Safari web browser and inject various JavaScript payloads that can steal passwords, financial data and personal information, deploy ransomware and more. Infections are propagating via...

Exploits: 0, References: 5

Veracode
added 2020/08/13 4:16 a.m., 16 views

Cross-Site Scripting (XSS)

francoisjacquet/rosariosis is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary Javascript in a user's browser via the URL encode key in PreparePHPSELF.php, leading to an admin session hijacking or executing arbitrary requests using the admin's...

CVSS 6.1, AI score 3.7, EPSS 0.00664
Exploits: 1, References: 4, Affected Software: 1

OpenVAS
added 2020/08/12 12:0 a.m., 19 views

SOPlanning <= 1.46.01 XSS Vulnerability

SOPlanning is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 5.4, AI score 5.3, EPSS 0.00206
Exploits: 1, References: 1

OpenVAS
added 2020/08/11 12:0 a.m., 14 views

MyBB < 1.8.24 XSS Vulnerability

MyBB is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mybb:mybb";...

CVSS 8.8, AI score 7.1, EPSS 0.00593
Exploits: 0, References: 2

RedHat Linux
added 2020/08/04 2:2 p.m., 2 views

jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method

A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser...

CVSS 6.9, AI score 6.5, EPSS 0.02456
Exploits: 7, References: 5

Veracode
added 2020/08/04 12:48 a.m., 23 views

Cross-Site Scripting (XSS)

restws is vulnerable to cross-site scripting. A remotely authenticated user is able to inject and execute arbitrary Javascript in another user's browser...

CVSS 8.8, AI score 2.8, EPSS 0.0047
Exploits: 0, References: 13, Affected Software: 170

OSV
added 2020/08/03 9:15 p.m., 0 views

CVE-2020-11584

A GET-based XSS reflected vulnerability in Plesk Onyx 17.8.11 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter...

CVSS 6.1, AI score 6.5, EPSS 0.01226
Exploits: 0, References: 1

Tenable Nessus
added 2020/07/31 12:0 a.m., 56 views

Atlassian Confluence < 7.4.2 / 7.5.x < 7.5.2 XSS (CONFSERVER-60102)

According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 7.4.2 or 7.5.x prior to 7.5.2. It is, therefore, affected by a cross-site scripting (XSS) vulnerability in user macro parameters. An authenticated, remote attacker can exploit...

CVSS 5.4, AI score 5.8, EPSS 0.0028
Exploits: 0, References: 2

RedHat Linux
added 2020/07/23 7:3 a.m., 0 views

cxf: reflected XSS in the services listing page

By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject javascript into the web page. Please note that the attack exploit...

CVSS 6.1, AI score 7.2, EPSS 0.13981
Exploits: 0, References: 4

CNVD
added 2020/07/23 12:0 a.m., 2 views

IBM QRadar SIEM Carbon Black Response Cross-Site Scripting Vulnerability

IBM QRadar SIEM is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, etc. Carbon Black Response i...

AI score 6.2
Exploits: 0, References: 1

OSV
added 2020/07/16 3:15 p.m., 1 views

CVE-2019-4747

IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 172887...

CVSS 5.4, AI score 5.7, EPSS 0.00179
Exploits: 0, References: 2

Exploit DB
added 2020/07/09 12:0 a.m., 240 views

Wordpress Plugin Powie's WHOIS Domain Check 0.9.31 - Persistent Cross-Site Scripting

Exploit Title: Wordpress Plugin Powie's WHOIS Domain Check 0.9.31 - Persistent Cross-Site Scripting Date: 2020-07-07 Vendor Homepage: https://powie.de Vendor Changelog: https://wordpress.org/plugins/powies-whois/developers Software Link: https://wordpress.org/plugins/powies-whois/ Exploit Author:...

AI score 7.4
Exploits: 0

Cvelist
added 2020/07/06 12:25 p.m., 11 views

CVE-2020-7690

All affected versions 2.0.0 of package jspdf are vulnerable to Cross-site Scripting (XSS). It is possible to inject JavaScript code via the html method...

AI score 6.1, EPSS 0.00234
Exploits: 1, References: 2

RedHat Linux
added 2020/07/02 1:21 p.m., 2 views

jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method

A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser...

CVSS 6.9, AI score 6.5, EPSS 0.02456
Exploits: 7, References: 5

CNVD
added 2020/07/02 12:0 a.m., 2 views

Atlassian JIRA Server and Data Center Cross-Site Scripting Vulnerability (CNVD-2020-53364)

Atlassian JIRA Server and Atlassian JIRA Data Center are both products of Atlassian Australia. Atlassian JIRA Server is the server version of a defect tracking management system that is used to track and manage all...

CVSS 5.4, AI score 6.2, EPSS 0.0027
Exploits: 0, References: 1

CNVD
added 2020/06/30 12:0 a.m., 7 views

Atlassian JIRA Server and Data Center Cross-Site Scripting Vulnerability (CNVD-2021-17356)

Atlassian JIRA Server and Atlassian JIRA Data Center are both products of Atlassian Australia. Atlassian JIRA Server is the server version of a defect tracking management system that is used to track and manage all...

CVSS 5.4, AI score 5.9, EPSS 0.003
Exploits: 0, References: 1

The Hacker News
added 2020/06/29 10:22 a.m., 1 views

e-Commerce Site Hackers Now Hiding Credit Card Stealer Inside Image Metadata

In what's one of the most innovative hacking campaigns, cybercrime gangs are now hiding malicious code implants in the metadata of image files to covertly steal payment card information entered by visitors on the hacked websites. "We found skimming code hidden within the metadata of an image file...

AI score 5.9
Exploits: 0

Tenable Nessus
added 2020/06/25 12:0 a.m., 16 views

Fedora 31 : php-horde-horde (2020-01d7b8b690)

horde 5.2.23 - mjr SECURITY: Fix JavaScript injection vulnerability in mobile login page. - mjr Fix broken cloud search in portal block. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to...

AI score 5.5
Exploits: 0, References: 1

Tenable Nessus
added 2020/06/24 12:0 a.m., 16 views

Fedora 32 : php-horde-horde (2020-a41fda3b4c)

horde 5.2.23 - mjr SECURITY: Fix JavaScript injection vulnerability in mobile login page. - mjr Fix broken cloud search in portal block. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to...

AI score 5.5
Exploits: 0, References: 1